npm - @agent-native/core - Versions diffs - 0.18.1 → 0.19.1 - Mend

@agent-native/core 0.18.1 → 0.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (168) hide show

package/README.md +1 -11
package/dist/a2a/caller-auth.d.ts +1 -0
package/dist/a2a/caller-auth.d.ts.map +1 -1
package/dist/a2a/caller-auth.js +1 -1
package/dist/a2a/caller-auth.js.map +1 -1
package/dist/a2a/client.d.ts +7 -0
package/dist/a2a/client.d.ts.map +1 -1
package/dist/a2a/client.js +3 -0
package/dist/a2a/client.js.map +1 -1
package/dist/agent/production-agent.d.ts +1 -1
package/dist/agent/production-agent.d.ts.map +1 -1
package/dist/agent/production-agent.js +34 -2
package/dist/agent/production-agent.js.map +1 -1
package/dist/cli/code-agent-executor.d.ts.map +1 -1
package/dist/cli/code-agent-executor.js +47 -256
package/dist/cli/code-agent-executor.js.map +1 -1
package/dist/cli/connect.d.ts +94 -0
package/dist/cli/connect.d.ts.map +1 -0
package/dist/cli/connect.js +443 -0
package/dist/cli/connect.js.map +1 -0
package/dist/cli/index.js +16 -0
package/dist/cli/index.js.map +1 -1
package/dist/cli/mcp-config-writers.d.ts +71 -0
package/dist/cli/mcp-config-writers.d.ts.map +1 -0
package/dist/cli/mcp-config-writers.js +210 -0
package/dist/cli/mcp-config-writers.js.map +1 -0
package/dist/client/AgentPanel.d.ts +3 -1
package/dist/client/AgentPanel.d.ts.map +1 -1
package/dist/client/AgentPanel.js +4 -4
package/dist/client/AgentPanel.js.map +1 -1
package/dist/client/AssistantChat.d.ts +3 -0
package/dist/client/AssistantChat.d.ts.map +1 -1
package/dist/client/AssistantChat.js +22 -66
package/dist/client/AssistantChat.js.map +1 -1
package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
package/dist/client/MultiTabAssistantChat.js +4 -1
package/dist/client/MultiTabAssistantChat.js.map +1 -1
package/dist/client/composer/PromptComposer.d.ts +6 -1
package/dist/client/composer/PromptComposer.d.ts.map +1 -1
package/dist/client/composer/PromptComposer.js +5 -4
package/dist/client/composer/PromptComposer.js.map +1 -1
package/dist/client/composer/TiptapComposer.d.ts +6 -1
package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
package/dist/client/composer/TiptapComposer.js +20 -10
package/dist/client/composer/TiptapComposer.js.map +1 -1
package/dist/client/conversation/AgentConversation.d.ts +18 -0
package/dist/client/conversation/AgentConversation.d.ts.map +1 -0
package/dist/client/conversation/AgentConversation.js +94 -0
package/dist/client/conversation/AgentConversation.js.map +1 -0
package/dist/client/conversation/AgentConversation.spec.d.ts +2 -0
package/dist/client/conversation/AgentConversation.spec.d.ts.map +1 -0
package/dist/client/conversation/AgentConversation.spec.js +69 -0
package/dist/client/conversation/AgentConversation.spec.js.map +1 -0
package/dist/client/conversation/index.d.ts +4 -0
package/dist/client/conversation/index.d.ts.map +1 -0
package/dist/client/conversation/index.js +3 -0
package/dist/client/conversation/index.js.map +1 -0
package/dist/client/conversation/types.d.ts +54 -0
package/dist/client/conversation/types.d.ts.map +1 -0
package/dist/client/conversation/types.js +2 -0
package/dist/client/conversation/types.js.map +1 -0
package/dist/client/conversation/use-near-bottom-autoscroll.d.ts +15 -0
package/dist/client/conversation/use-near-bottom-autoscroll.d.ts.map +1 -0
package/dist/client/conversation/use-near-bottom-autoscroll.js +66 -0
package/dist/client/conversation/use-near-bottom-autoscroll.js.map +1 -0
package/dist/client/dynamic-suggestions.d.ts +43 -0
package/dist/client/dynamic-suggestions.d.ts.map +1 -0
package/dist/client/dynamic-suggestions.js +344 -0
package/dist/client/dynamic-suggestions.js.map +1 -0
package/dist/client/index.d.ts +2 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +2 -0
package/dist/client/index.js.map +1 -1
package/dist/client/resources/ResourceTree.d.ts.map +1 -1
package/dist/client/resources/ResourceTree.js +2 -2
package/dist/client/resources/ResourceTree.js.map +1 -1
package/dist/client/resources/ResourcesPanel.d.ts.map +1 -1
package/dist/client/resources/ResourcesPanel.js +4 -28
package/dist/client/resources/ResourcesPanel.js.map +1 -1
package/dist/client/settings/SettingsPanel.js +2 -2
package/dist/client/settings/SettingsPanel.js.map +1 -1
package/dist/code-agents/index.d.ts +1 -0
package/dist/code-agents/index.d.ts.map +1 -1
package/dist/code-agents/index.js +1 -0
package/dist/code-agents/index.js.map +1 -1
package/dist/code-agents/transcript-normalizer.d.ts +50 -0
package/dist/code-agents/transcript-normalizer.d.ts.map +1 -0
package/dist/code-agents/transcript-normalizer.js +356 -0
package/dist/code-agents/transcript-normalizer.js.map +1 -0
package/dist/coding-tools/index.d.ts +31 -0
package/dist/coding-tools/index.d.ts.map +1 -0
package/dist/coding-tools/index.js +411 -0
package/dist/coding-tools/index.js.map +1 -0
package/dist/extensions/schema.d.ts +1 -1
package/dist/mcp/build-server.d.ts.map +1 -1
package/dist/mcp/build-server.js +30 -0
package/dist/mcp/build-server.js.map +1 -1
package/dist/mcp/builtin-tools.d.ts.map +1 -1
package/dist/mcp/builtin-tools.js +85 -26
package/dist/mcp/builtin-tools.js.map +1 -1
package/dist/mcp/connect-route.d.ts +43 -0
package/dist/mcp/connect-route.d.ts.map +1 -0
package/dist/mcp/connect-route.js +744 -0
package/dist/mcp/connect-route.js.map +1 -0
package/dist/mcp/connect-store.d.ts +132 -0
package/dist/mcp/connect-store.d.ts.map +1 -0
package/dist/mcp/connect-store.js +434 -0
package/dist/mcp/connect-store.js.map +1 -0
package/dist/mcp/org-directory.d.ts +83 -0
package/dist/mcp/org-directory.d.ts.map +1 -0
package/dist/mcp/org-directory.js +201 -0
package/dist/mcp/org-directory.js.map +1 -0
package/dist/mcp/server.d.ts +38 -1
package/dist/mcp/server.d.ts.map +1 -1
package/dist/mcp/server.js +208 -77
package/dist/mcp/server.js.map +1 -1
package/dist/scripts/dev/index.d.ts +6 -4
package/dist/scripts/dev/index.d.ts.map +1 -1
package/dist/scripts/dev/index.js +28 -13
package/dist/scripts/dev/index.js.map +1 -1
package/dist/server/agent-chat-plugin.d.ts +6 -6
package/dist/server/agent-chat-plugin.d.ts.map +1 -1
package/dist/server/agent-chat-plugin.js +32 -32
package/dist/server/agent-chat-plugin.js.map +1 -1
package/dist/server/agent-teams.js +2 -2
package/dist/server/agent-teams.js.map +1 -1
package/dist/server/agents-bundle.d.ts +3 -3
package/dist/server/agents-bundle.js +5 -5
package/dist/server/agents-bundle.js.map +1 -1
package/dist/server/auth.d.ts +17 -0
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +149 -33
package/dist/server/auth.js.map +1 -1
package/dist/server/better-auth-instance.d.ts +43 -0
package/dist/server/better-auth-instance.d.ts.map +1 -1
package/dist/server/better-auth-instance.js +25 -0
package/dist/server/better-auth-instance.js.map +1 -1
package/dist/server/core-routes-plugin.d.ts +12 -0
package/dist/server/core-routes-plugin.d.ts.map +1 -1
package/dist/server/core-routes-plugin.js +42 -0
package/dist/server/core-routes-plugin.js.map +1 -1
package/dist/server/identity-sso-store.d.ts +86 -0
package/dist/server/identity-sso-store.d.ts.map +1 -0
package/dist/server/identity-sso-store.js +243 -0
package/dist/server/identity-sso-store.js.map +1 -0
package/dist/server/identity-sso.d.ts +78 -0
package/dist/server/identity-sso.d.ts.map +1 -0
package/dist/server/identity-sso.js +425 -0
package/dist/server/identity-sso.js.map +1 -0
package/dist/server/index.d.ts +1 -0
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +1 -0
package/dist/server/index.js.map +1 -1
package/dist/server/onboarding-html.d.ts.map +1 -1
package/dist/server/onboarding-html.js +2 -1
package/dist/server/onboarding-html.js.map +1 -1
package/dist/server/sentry.d.ts.map +1 -1
package/dist/server/sentry.js +17 -2
package/dist/server/sentry.js.map +1 -1
package/dist/sharing/schema.d.ts +1 -1
package/docs/content/client.md +15 -0
package/docs/content/code-agents-ui.md +25 -4
package/docs/content/cross-app-sso.md +118 -0
package/docs/content/drop-in-agent.md +3 -1
package/docs/content/external-agents.md +130 -51
package/docs/content/frames.md +1 -1
package/docs/content/migration-workbench.md +6 -1
package/package.json +2 -1

package/dist/cli/code-agent-executor.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"code-agent-executor.d.ts","sourceRoot":"","sources":["../../src/cli/code-agent-executor.ts"],"names":[],"mappings":"~~AAyBA~~,OAAO,KAAK,EACV,WAAW,EAKZ,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAEL,KAAK,eAAe,EACrB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAOL,KAAK,kBAAkB,EACxB,MAAM,sBAAsB,CAAC;AAE9B,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IAC/B,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;~~AAsBD~~,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAqSpC;AAED,wBAAsB,2BAA2B,CAC/C,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,IAAI,CAAC,0BAA0B,EAAE,OAAO,CAAM,GACtD,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAEpC;AAED,wBAAsB,+BAA+B,CACnD,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAA;CAAO,GAC/C,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CA0FpC;~~AAmZD~~,MAAM,MAAM,0BAA0B,GAClC;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAChB;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,GACjB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC7C;IAAE,IAAI,EAAE,WAAW,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE1C,wBAAgB,kCAAkC,CAChD,OAAO,EAAE,MAAM,GACd,0BAA0B,~~CAuE5B~~"}
1	+ {"version":3,"file":"code-agent-executor.d.ts","sourceRoot":"","sources":["../../src/cli/code-agent-executor.ts"],"names":[],"mappings":"AA0BA,OAAO,KAAK,EACV,WAAW,EAKZ,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAEL,KAAK,eAAe,EACrB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAOL,KAAK,kBAAkB,EACxB,MAAM,sBAAsB,CAAC;AAE9B,MAAM,WAAW,0BAA0B;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IAC/B,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAeD,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAqSpC;AAED,wBAAsB,2BAA2B,CAC/C,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,IAAI,CAAC,0BAA0B,EAAE,OAAO,CAAM,GACtD,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAEpC;AAED,wBAAsB,+BAA+B,CACnD,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAA;CAAO,GAC/C,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CA0FpC;AA6OD,MAAM,MAAM,0BAA0B,GAClC;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAChB;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,GACjB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC7C;IAAE,IAAI,EAAE,WAAW,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE1C,wBAAgB,kCAAkC,CAChD,OAAO,EAAE,MAAM,GACd,0BAA0B,CAuD5B"}

package/dist/cli/code-agent-executor.js CHANGED Viewed

@@ -1,8 +1,5 @@
-import { spawn } from "node:child_process";
-import fs from "node:fs";
-import path from "node:path";
-import { once } from "node:events";
 import { createToolSearchEntry, TOOL_SEARCH_ACTION_NAME, } from "../agent/tool-search.js";
+import { createCodingToolRegistry, isReadOnlyShellCommand, runCodingCommand, truncateCodingOutput, } from "../coding-tools/index.js";
 import { buildMergedConfig, McpClientManager, mcpToolsToActionEntries, } from "../mcp-client/index.js";
 import { runWithRequestContext } from "../server/request-context.js";
 import { actionsToEngineTools, runAgentLoop, } from "../agent/production-agent.js";
@@ -144,7 +141,7 @@ export async function executeCodeAgentRun(options) {
                 metadata: {
                     type: "tool_done",
                     tool: event.tool,
-                    result: truncate(event.result, 4000),
+                    result: truncateCodingOutput(event.result, 4000),
                 },
             });
             return;
@@ -338,8 +335,8 @@ export async function executePendingCodeAgentApproval(runId, options = {}) {
             command: approval.command,
         },
     });
-    const result = await runCommand(approval.command, record.cwd || process.cwd(), DEFAULT_COMMAND_TIMEOUT_MS);
-    const summary = truncate([
+    const result = await runCodingCommand(approval.command, record.cwd || process.cwd(), DEFAULT_COMMAND_TIMEOUT_MS);
+    const summary = truncateCodingOutput([
         `Approved command finished with exit code ${result.code}.`,
         result.timedOut ? "Timed out: true" : "",
         result.stdout ? `stdout:\n${result.stdout}` : "",
@@ -534,7 +531,8 @@ Work like a careful senior engineer:
 - In Auto mode, edit files and run ordinary project commands without pausing. Pause only for genuinely destructive operations such as recursive deletes, package publishing, privileged commands, destructive database operations, or forbidden git branch/reset/stash/rebase operations.
 - Do not create, switch, delete, reset, rebase, or stash git branches.
 - Do not run destructive git commands.
-- Use apply_patch or write_file for edits, then run focused verification.
+- Use the shared coding tools: bash for search/list/test/build commands, read for file reads, edit for exact replacement edits, and write only for new files or intentional full rewrites.
+- Prefer edit over write when changing existing files, then run focused verification with bash.
 - Use tool-search when you need a capability that may come from MCP, including browser automation or computer control.
 - Prefer Playwright MCP for deterministic browser testing; prefer Chrome DevTools MCP when the user needs their live logged-in Chrome session.
 - Only use computer-control MCP tools when they are explicitly available and the user request warrants controlling the local computer.
@@ -542,192 +540,45 @@ Work like a careful senior engineer:
 - Respect any AGENTS.md instructions in the repository.`;
 }
 function createLocalCodeAgentActions(cwd, permissionMode, runId) {
-    const actions = {
-        list_files: {
-            readOnly: true,
-            tool: {
-                description: "List files under the current repository/workspace.",
-                parameters: {
-                    type: "object",
-                    properties: {
-                        pattern: {
-                            type: "string",
-                            description: "Optional substring or glob-like fragment to filter.",
-                        },
-                    },
-                    required: [],
-                },
-            },
-            run: async (args) => {
-                const result = await runCommand("rg --files", cwd, 30_000);
-                const output = result.code === 0
-                    ? result.stdout
-                    : (await runCommand("find . -type f | sed 's#^./##'", cwd, 30_000))
-                        .stdout;
-                const pattern = stringArg(args.pattern).toLowerCase();
-                const files = output
-                    .split(/\r?\n/)
-                    .filter(Boolean)
-                    .filter((file) => !pattern || file.toLowerCase().includes(pattern))
-                    .slice(0, 500);
-                return files.join("\n") || "(no files found)";
-            },
-        },
-        search_files: {
-            readOnly: true,
-            tool: {
-                description: "Search files with ripgrep.",
-                parameters: {
-                    type: "object",
-                    properties: {
-                        query: { type: "string", description: "Search query or regex." },
-                        glob: {
-                            type: "string",
-                            description: "Optional glob, for example src/**/*.ts.",
-                        },
-                    },
-                    required: ["query"],
-                },
-            },
-            run: async (args) => {
-                const query = stringArg(args.query);
-                if (!query)
-                    return "Error: query is required.";
-                const glob = stringArg(args.glob);
-                const command = glob
-                    ? `rg --line-number --no-heading ${shellQuote(query)} -g ${shellQuote(glob)}`
-                    : `rg --line-number --no-heading ${shellQuote(query)}`;
-                const result = await runCommand(command, cwd, 30_000);
-                return truncate(result.stdout || result.stderr || "(no matches)", MAX_TOOL_OUTPUT_CHARS);
-            },
-        },
-        read_file: {
-            readOnly: true,
-            tool: {
-                description: "Read a UTF-8 text file inside the workspace.",
-                parameters: {
-                    type: "object",
-                    properties: {
-                        path: { type: "string", description: "Relative file path." },
-                    },
-                    required: ["path"],
-                },
-            },
-            run: async (args) => {
-                const filePath = resolveInsideCwd(cwd, stringArg(args.path));
-                if (!filePath)
-                    return "Error: path must stay inside the workspace.";
-                if (!fs.existsSync(filePath))
-                    return `Error: file not found: ${args.path}`;
-                const stat = fs.statSync(filePath);
-                if (!stat.isFile())
-                    return `Error: not a file: ${args.path}`;
-                return truncate(fs.readFileSync(filePath, "utf8"), MAX_FILE_READ_CHARS);
-            },
-        },
-        write_file: {
-            tool: {
-                description: "Write a complete UTF-8 text file inside the workspace.",
-                parameters: {
-                    type: "object",
-                    properties: {
-                        path: { type: "string", description: "Relative file path." },
-                        content: { type: "string", description: "Full file content." },
-                    },
-                    required: ["path", "content"],
-                },
-            },
-            run: async (args) => {
-                const permissionError = permissionErrorForWrite(permissionMode, "write_file");
-                if (permissionError)
-                    return permissionError;
-                const filePath = resolveInsideCwd(cwd, stringArg(args.path));
-                if (!filePath)
-                    return "Error: path must stay inside the workspace.";
-                fs.mkdirSync(path.dirname(filePath), { recursive: true });
-                fs.writeFileSync(filePath, stringArg(args.content));
-                return `Wrote ${path.relative(cwd, filePath)}`;
-            },
-        },
-        apply_patch: {
-            tool: {
-                description: "Apply a unified git patch from the workspace root. Prefer this for precise edits.",
-                parameters: {
-                    type: "object",
-                    properties: {
-                        patch: { type: "string", description: "Unified diff patch text." },
-                    },
-                    required: ["patch"],
-                },
-            },
-            run: async (args) => {
-                const permissionError = permissionErrorForWrite(permissionMode, "apply_patch");
+    const actions = createCodingToolRegistry({
+        cwd,
+        restrictToCwd: true,
+        commandTimeoutMs: DEFAULT_COMMAND_TIMEOUT_MS,
+        maxOutputChars: MAX_TOOL_OUTPUT_CHARS,
+        maxFileReadChars: MAX_FILE_READ_CHARS,
+        canWrite: (toolName) => permissionErrorForWrite(permissionMode, toolName),
+        beforeBash: ({ command }) => {
+            const permission = classifyCodeAgentCommandPermission(command);
+            if (permission.kind === "forbidden") {
+                return `Error: command is blocked by Agent-Native Code policy: ${permission.reason}`;
+            }
+            if (permission.kind !== "read") {
+                const permissionError = permissionErrorForWrite(permissionMode, "bash");
                 if (permissionError)
                     return permissionError;
-                const patch = stringArg(args.patch);
-                if (!patch.trim())
-                    return "Error: patch is required.";
-                const result = await runCommand("git apply --whitespace=nowarn -", cwd, 30_000, patch);
-                if (result.code !== 0) {
-                    return `Error applying patch:\n${result.stderr || result.stdout}`;
-                }
-                return "Patch applied.";
-            },
-        },
-        run_command: {
-            tool: {
-                description: "Run a shell command from the workspace root. Use for tests, typechecks, and safe project commands.",
-                parameters: {
-                    type: "object",
-                    properties: {
-                        command: { type: "string", description: "Shell command to run." },
-                        timeoutMs: {
-                            type: "string",
-                            description: "Optional timeout in milliseconds.",
-                        },
-                    },
-                    required: ["command"],
-                },
-            },
-            run: async (args) => {
-                const command = stringArg(args.command);
-                if (!command)
-                    return "Error: command is required.";
-                const permission = classifyCodeAgentCommandPermission(command);
-                if (permission.kind === "forbidden") {
-                    return `Error: command is blocked by Agent-Native Code policy: ${permission.reason}`;
-                }
-                if (permission.kind === "approval-required") {
-                    const approval = requestCodeAgentApproval(runId, {
-                        tool: "run_command",
-                        command,
-                        reason: permission.reason,
-                        permissionMode,
-                    });
-                    return [
-                        `Approval required before running this command: ${permission.reason}.`,
-                        `Approval id: ${approval.id}`,
-                        `Command: ${command}`,
-                        "The run is paused; approve from the Agent-Native Code UI/CLI if this command is intentional.",
-                    ].join("\n");
-                }
-                const timeoutMs = Number(args.timeoutMs);
-                const result = await runCommand(command, cwd, Number.isFinite(timeoutMs) && timeoutMs > 0
-                    ? Math.min(timeoutMs, 10 * 60_000)
-                    : DEFAULT_COMMAND_TIMEOUT_MS);
-                return truncate([
-                    `exitCode: ${result.code}`,
-                    result.timedOut ? "timedOut: true" : "",
-                    result.stdout ? `stdout:\n${result.stdout}` : "",
-                    result.stderr ? `stderr:\n${result.stderr}` : "",
-                ]
-                    .filter(Boolean)
-                    .join("\n\n"), MAX_TOOL_OUTPUT_CHARS);
-            },
+            }
+            if (permission.kind === "approval-required") {
+                const approval = requestCodeAgentApproval(runId, {
+                    tool: "bash",
+                    command,
+                    reason: permission.reason,
+                    permissionMode,
+                });
+                return [
+                    `Approval required before running this command: ${permission.reason}.`,
+                    `Approval id: ${approval.id}`,
+                    `Command: ${command}`,
+                    "The run is paused; approve from the Agent-Native Code UI/CLI if this command is intentional.",
+                ].join("\n");
+            }
+            return null;
         },
-    };
+    });
     if (permissionMode === "read-only") {
-        return Object.fromEntries(Object.entries(actions).filter(([, action]) => action.readOnly));
+        return {
+            bash: actions.bash,
+            read: actions.read,
+        };
     }
     return actions;
 }
@@ -767,23 +618,7 @@ export function classifyCodeAgentCommandPermission(command) {
             return { kind: "approval-required", reason };
         }
     }
-    const readPatterns = [
-        /^pwd\b/,
-        /^ls\b/,
-        /^find\b/,
-        /^rg\b/,
-        /^grep\b/,
-        /^cat\b/,
-        /^sed\s+-n\b/,
-        /^head\b/,
-        /^tail\b/,
-        /^wc\b/,
-        /^git\s+(status|diff|show|log)\b/,
-        /^git\s+branch\s+--show-current\b/,
-        /^pnpm\b.*\b(test|typecheck|lint|check)\b/,
-        /^npm\b.*\b(test|run\s+(test|typecheck|lint|check))\b/,
-    ];
-    if (readPatterns.some((pattern) => pattern.test(normalized))) {
+    if (isReadOnlyShellCommand(command)) {
         return { kind: "read" };
     }
     const writePatterns = [
@@ -850,7 +685,10 @@ function getPendingApproval(runId) {
     if (!approval || typeof approval !== "object")
         return null;
     const candidate = approval;
-    if (candidate.tool !== "run_command" ||
+    const tool = candidate.tool === "bash" || candidate.tool === "run_command"
+        ? candidate.tool
+        : null;
+    if (!tool ||
         typeof candidate.command !== "string" ||
         typeof candidate.reason !== "string" ||
         typeof candidate.id !== "string" ||
@@ -859,7 +697,7 @@ function getPendingApproval(runId) {
     }
     return {
         id: candidate.id,
-        tool: "run_command",
+        tool,
         command: candidate.command,
         reason: candidate.reason,
         requestedAt: candidate.requestedAt,
@@ -871,51 +709,4 @@ function getPendingApproval(runId) {
             : "full-auto",
     };
 }
-function resolveInsideCwd(cwd, value) {
-    if (!value.trim())
-        return null;
-    const resolved = path.resolve(cwd, value);
-    const relative = path.relative(cwd, resolved);
-    if (relative.startsWith("..") || path.isAbsolute(relative))
-        return null;
-    return resolved;
-}
-async function runCommand(command, cwd, timeoutMs, stdin) {
-    const child = spawn(command, {
-        cwd,
-        shell: true,
-        stdio: ["pipe", "pipe", "pipe"],
-    });
-    let stdout = "";
-    let stderr = "";
-    let timedOut = false;
-    const timer = setTimeout(() => {
-        timedOut = true;
-        child.kill("SIGTERM");
-    }, timeoutMs);
-    child.stdout?.on("data", (chunk) => {
-        stdout += chunk.toString();
-    });
-    child.stderr?.on("data", (chunk) => {
-        stderr += chunk.toString();
-    });
-    if (stdin)
-        child.stdin?.end(stdin);
-    else
-        child.stdin?.end();
-    const [code] = (await once(child, "exit"));
-    clearTimeout(timer);
-    return { code, stdout, stderr, timedOut };
-}
-function stringArg(value) {
-    return typeof value === "string" ? value : "";
-}
-function shellQuote(value) {
-    return `'${value.replaceAll("'", "'\\''")}'`;
-}
-function truncate(value, max) {
-    if (value.length <= max)
-        return value;
-    return `${value.slice(0, max)}\n\n...[truncated ${value.length - max} chars]`;
-}
 //# sourceMappingURL=code-agent-executor.js.map